During a running Windows Vista operation system or a Windows PE session, insert your UFD device.

At a command prompt, use Diskpart to format the device as FAT32 spanning the entire device, setting the partition to active. For example,

diskpart select disk 1 clean

create partition primary size=lt;size of devicegt; select partition 1

active

format fs=fat32 assign

exit

where the value of disk 1 is equal to UFD.

On your technician computer, copy all the content in the \ISO directory to your UFD device. You can manually create the directory structure or use the xcopy command to automatically build and copy the appropriate files from your technician computer to your UFD device. For example,

xcopy c:\winpe_x86\iso\*.* /s /e /f f:\

where c is the letter of your technician computer hard disk and f is the letter of your UFD device.

A group can have direct members (static membership), dynamic query-based members,

or both. When you create a dynamic membership query, you define the criteria that determines the query that Windows Intune runs to retrieve the list of group members. The group is automatically updated with members that meet the criteria whenever changes occur. You can also create groups that have static membership lists. These are groups that you manually define by explicitly adding members.

Windows Intune is a Microsoft cloud-based management solution.

Intune is primarily aimed at small and medium enterprises and service providers who want to manage up to 500 Microsoft Windows computers. Distribution is through a subscription system in which a fixed monthly cost is incurred per PC. The minimum subscription duration is one year. Included in the package is the Windows operating system, currently Windows 8 Enterprise.

Question No: 75

You administer Windows 8.1 Pro tablets that are members of an Active Directory domain. Your company policy allows users to download and install only certain few Windows Store apps.

You have created a new AppLocker Packaged Apps policy to help enforce the company

policy.

You need to test the new AppLocker Packaged Apps policy before you implement it for the entire company.

What should you do?

Open PowerShell and run the Get-AppLockerPoIicy -Effective cmdlet to retrieve the AppLocker effective policy.

Open Group Policy Management console and run the Group Policy Modeling Wizard.

Open Group Policy Management console and run the Group Policy Results Wizard.

Open Group Policy Management console and enforce the new AppLocker policy in Audit Only mode.

Answer: D

Explanation: Step 1: Enable the Audit only enforcement setting

By using the Audit only enforcement setting, you can ensure that the AppLocker rules that you have created are properly configured for your organization. This setting can be enabled on the Enforcement tab of the AppLocker Properties dialog box.

Test the AppLocker policy to determine if your rule collection needs to be modified. Because you have created AppLocker rules, enabled the Application Identity service, and enabled the Audit only enforcement setting, the AppLocker policy should be present on all client computers that are configured to receive your AppLocker policy.

Reference: Test and Update an AppLocker Policy

Question No: 76

You have a client Windows 8.1 Enterprise computer. The computer is joined to an Active Directory domain. The computer does not have a Trusted Platform Module (TPM) chip installed.

You need to configure BitLocker Drive Encryption (BitLocker) on the operating system drive.

Which Group Policy object (GPO) setting should you configure?

Configure use of hardware-based encryption for operating system drives.

Allow access to BitLocker-protected fixed data drives from earlier version of Windows.

Question No: 77

You are a systems administrator for your company. The company has employees who work remotely by using a virtual private network (VPN) connection from their computers, which run Windows 8 Pro. These employees use an application to access the company intranet database servers. The company recently decided to distribute the latest version of the application through using a public cloud.

Some users report that every time they try to download the application by using Internet Explorer, they receive a warning message that indicates the application could harm their computer.

You need to recommend a solution that prevents this warning message from appearing, without compromising the security protection of the computers.

What should you do?

Publish the application through a public file transfer protocol (FTP) site.

Digitally sign the application by using a trusted certificate, and then update the default App Package Deployment policy on all computers.

Change the default Software Restriction Policies on the client computers.

Change the default Applications Control Policies on the client computers.

Answer: B

Explanation: Note: The app package signature ensures that the package and contents haven#39;t been modified after they were signed. If the signing certificate validates to a Trusted Root Certification Authorities Certificate, the signature also identifies who signed the package.

Question No: 78 DRAG DROP

Your network contains Windows RT client computers. All certificates are issued by an internal certification authority (CA). All of the computers are managed by using Windows Intune.

You have a Windows 8.1 client computer named Clientl and a Windows RT client computer named Client2.

On Clientl, you develop a Windows Store app named Appl.

You need to recommend the tasks that must be completed to ensure that Client2 can install Appl.

What should you recommend? (To answer, drag the appropriate tasks to the correct location or locations. Each task may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)